AWS has announced the general availability of CloudFormation Guard (cfn-guard).

The open source tool checks CloudFormation templates for policy compliance using a simple, policy-as-code, declarative language.

This GA release enhances the preview release of cfn-guard (June 2020) with new features. It enables developers to create advanced rules, including rules based on conditions, rules comparing resource properties to numbers, comments on rule sets, and more.

For example, along with rules on resource properties (e.g. Encryption), developers can now create rules on resource attributes (e.g. Deletion Policy).

This release is also claimed to simplify the installation of cfn-guard. Developers on macOS and Windows machines can now quickly install cfn-guard using the Homebrew and Chocolatey package managers respectively.

Further, CloudFormation helps companies apply DevOps and GitOps best practices using widely adopted processes such as starting with a git repository and deploying through a CI/CD pipeline.

Finally, this release improves stability and performance of cfn-guard.

You may also like